Cleartext Storage Vulnerability in Netis WF-2404 Router
CVE-2025-2922

1LOW

Key Information:

Vendor

Netis

Status
Wf-2404
Vendor
CVE Published:
28 March 2025

Badges

👾 Exploit Exists

What is CVE-2025-2922?

A vulnerability has been identified in the Netis WF-2404 router, specifically within an unknown functionality of the BusyBox Shell. This flaw results in the cleartext storage of sensitive information, potentially exposing critical data. Attackers with physical access to the device may exploit this weakness, albeit the complexity and difficulty of executing an attack are relatively high. Despite the disclosure of the exploit to the public, the vendor has not responded to reports of this issue, leaving users at risk.

Affected Version(s)

WF-2404 1.1.124EN

References

https://vuldb.com/?id.301897
vdb-entry
https://vuldb.com/?ctiid.301897
signaturepermissions-required
https://vuldb.com/?submit.521039
third-party-advisory

CVSS V4

Score:
1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Physical
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

scoozi (VulDB User)
.